=?UTF-8?Q?Gabriel=20Iv=C4=83ncescu=20?=: shell32/autocomplete: Avoid another buffer overflow and handle arbitrary sizes for the auto-append string.

Alexandre Julliard julliard at winehq.org
Wed Sep 19 16:28:12 CDT 2018 

Module: wine
Branch: master
Commit: 2a8df60a8c4e0dd335b0af902b2552e9c248652b
URL:    https://source.winehq.org/git/wine.git/?a=commit;h=2a8df60a8c4e0dd335b0af902b2552e9c248652b

Author: Gabriel Ivăncescu <gabrielopcode at gmail.com>
Date:   Tue Sep 18 23:59:53 2018 +0300

shell32/autocomplete: Avoid another buffer overflow and handle arbitrary sizes for the auto-append string.

Signed-off-by: Gabriel Ivăncescu <gabrielopcode at gmail.com>
Signed-off-by: Huw Davies <huw at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>

---

 dlls/shell32/autocomplete.c | 29 +++++++++++++++++++++++------
 1 file changed, 23 insertions(+), 6 deletions(-)

diff --git a/dlls/shell32/autocomplete.c b/dlls/shell32/autocomplete.c
index 38f53db..86abab3 100644
--- a/dlls/shell32/autocomplete.c
+++ b/dlls/shell32/autocomplete.c
@@ -126,6 +126,28 @@ static size_t format_quick_complete(WCHAR *dst, const WCHAR *qc, const WCHAR *st
     return dst - base;
 }
 
+static void autoappend_str(IAutoCompleteImpl *ac, WCHAR *text, UINT len, WCHAR *str, HWND hwnd)
+{
+    WCHAR *tmp;
+    size_t size;
+
+    /* The character capitalization can be different,
+       so merge text and str into a new string */
+    size = len + strlenW(&str[len]) + 1;
+
+    if ((tmp = heap_alloc(size * sizeof(*tmp))))
+    {
+        memcpy(tmp, text, len * sizeof(*tmp));
+        memcpy(&tmp[len], &str[len], (size - len) * sizeof(*tmp));
+    }
+    else tmp = str;
+
+    SendMessageW(hwnd, WM_SETTEXT, 0, (LPARAM)tmp);
+    SendMessageW(hwnd, EM_SETSEL, len, size - 1);
+    if (tmp != str)
+        heap_free(tmp);
+}
+
 static void autocomplete_text(IAutoCompleteImpl *ac, HWND hwnd, enum autoappend_flag flag)
 {
     HRESULT hr;
@@ -166,12 +188,7 @@ static void autocomplete_text(IAutoCompleteImpl *ac, HWND hwnd, enum autoappend_
         {
             if (cpt == 0 && flag == autoappend_flag_yes)
             {
-                WCHAR buffW[255];
-
-                strcpyW(buffW, text);
-                strcatW(buffW, &strs[len]);
-                SetWindowTextW(hwnd, buffW);
-                SendMessageW(hwnd, EM_SETSEL, len, strlenW(strs));
+                autoappend_str(ac, text, len, strs, hwnd);
                 if (!(ac->options & ACO_AUTOSUGGEST))
                 {
                     CoTaskMemFree(strs);

More information about the wine-cvs mailing list